Purchase usb network gate hacked
5/1/2023

Thus, the default keyboard and mouse would be “trusted” once set up, and any new trojan devices would at least wait for confirmation, such as “You have plugged in a new USB keyboard. Whenever a new HID device is attached, the host should prompt the user before enumerating the device and accepting input from it. Regarding USB “Trojan” HID devices (mice/keyboard devices to the OS), the best defense that an OS could probably provide with the current USB specifications would probably be to track the Vendor ID (VID), Product ID (PID), and serial number (iSerial) that are in the USB device descriptor.

There would definitely be some value to user education about the risks, but I would expect most people to plug the device in for one reason or another. I might actually hope for something malicious, just for the opportunity to study it. Would I plug the drive in? Probably, but I’d take some precautions, like using a low-value computer configured for the task.

The contents of the device might not be harmful code, but could be crafted for social engineering in any number of ways, such as a forged document that leads the viewer to do something harmful. Something on the device could be carefully crafted to exploit driver vulnerabilities, allowing execution of arbitrary code even in the absence of normal “autorun” functionality. The device could be faulty (incidentally or intentionally) and could damage the computer. I absolutely agree that the OS should not automatically execute anything from a USB stick, but “autorun” malicious code is not the only risk.

There’s also the intent of appropriation.

Tags: flash drives, malware, social engineering

They’re just trying to get by.

EDITED TO ADD (7/4): As of February of this year, Windows no longer supports AutoRun for USB drives. The problem is that it isn’t safe to plug a USB stick into a computer.
The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that the OS trusts random USB sticks.

The problem isn’t that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good.

But not if they plugged them into their computers. Maybe it would be the right response if 60% of people tried to play the USB sticks like ocarinas, or tried to make omelettes out of the computer disks.

Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp., told Bloomberg: “There’s no device known to mankind that will prevent people from being idiots.”

It’s like “75% of people who picked up a discarded newspaper on the bus read it.” What else are people supposed to do with them? Of course people plugged in USB sticks and computer disks. And if the drive or CD had an official logo on it, 90% were installed.

I’m really getting tired of stories like this: Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers.

Yet Another "People Plug in Strange USB Sticks" Story